Penguin

The DLink DSL-302G ADSL modem is actually a router/DHCP-server. What this means is that it is extremely simple to make this modem work with Linux. The following information describes how to get everything set up using the DebianLinux Sarge distribution running GNOME 2.8, but should be applicable to most LinuxDistributions.

Connecting

  1. Connect up the system physically. If the DSL-302G is the only thing you wish to connect to a particular phone jack, then you can just connect the ADSL modem directly to the socket. If you wish to run some other device (e.g. a standard modem, phone or fax) via the same phone jack then use the provided filter device which has both "ADSL" and "phone" outputs. In addition, all other phones/faxes/etc. need to have a filter inserted between them and the existing phone jack in order to prevent the ADSL signal being audible to those devices.
  2. Connect the DSL-302G to your PC via an ethernet cable. The DSL-302G also provides a USB 1.1 connection; if you get this working then please add information on this to this page!
  3. Define an "eth0" network connection. You can do this using graphical desktop tools (eg "Applications|System Tools|Networking") or by editing /etc/network/interfaces (see "man 5 interfaces"). Simply select "DHCP" for this interface and ignore all other options.
  4. Start the "eth0" connection, by selecting "activate" in the networking GUI admin tool, or running "ifup eth0" (as the root user) from the command-line. Linux will broadcast a DHCP request using the eth0 network interface, and the DSL-302G will respond by providing a local address for Linux to use. Unless explicitly configured otherwise, the DSL-302G assigns itself the address of 10.1.1.1 and (typically) provides the (local) address of 10.1.1.3 for your system to use.

    Note that you can arrange for the eth0 network interface to be started when your machine boots.

  5. Start a web browser (eg Mozilla) and go to "http://10.1.1.1" to access the modem's internal web server in order to configure the modem. When presented with a login page, enter "admin" for the user and "admin" for the password. Select the "Username and Password" link, and enter the username and password you arranged with your ISP. Finally select "ok" to reconfigure the modem.

Edit by Leslie Katz, Australia: I was unable to access the modem's internal web server with the Firefox for Linux web browser. As I have a dual-booting system, I changed to Windows and tried Firefox for Windows. Again, I was unable to gain access. I then tried Internet Explorer, with which I was able to gain access. I found that any saved changes made while using Internet Explorer persisted when I booted into Linux, so that making any needed changes with Internet Explorer is an adequate substitute for those with a dual-booting machine who, like me, have no success with Firefox for Linux. Further, in addition to typing in "http://10.1.1.1" in Internet Explorer, one can (at least with my firmware: r2.01m.b34.au(021206a/t93.3.44)) type in "http://10.1.1.1/mainpage?id=", followed by a number between one and thirty-one. One will then be prompted for one's user name and password and, after they are entered correctly, a page will open. In the case of pages ten (Routing Information Protocol Configuration), nineteen (IP Filter Configuration) and twenty (Firewall Configuration), the page is unhelpful.

Note that the DSL-302G appears to use some non-standards-compliant HTML in its admin interface, and so some of the pages look a little odd. In particular, you must click on the "OK" text, NOT on the grey button that appears to the left of this text.

You should now have broadband access!

Security

Because the DSL-302G runs as a router providing NAT (Network Address Translation) it is effectively impossible for any computer elsewhere on the internet to initiate network connections to your machine. The only way other computers can transfer data to your PC is as response data to requests originating from your PC (e.g. sending back web pages you have requested). This provides excellent security; separate firewall software is therefore generally not needed.

The disadvantage of the use of NAT by the DSL-302G is that you can't run a webserver or other service on your PC and have other people access it from the internet. Actually, you probably can by disabling DHCP on the DSL-302G, setting up a (private) static address on your PC, then configuring the NAT rules in the DSL-302G via the webserver at 10.1.1.1. Anyone who manages to get that running is invited to record the process here! Of course if you do this, then you should consider configuring a firewall on your PC to handle the new accessibility appropriately.

Edit: by Doug Hawkins (doug@lga.net.nz) You can run a webserver off this modem because I have done so (also on a ADSL connection with a dynamic IP (thanks to http://no-ip.com). Search the Dlink site for a PDF manual called "DSL-302G_Open.ports_and_DMZ.pdf". (or email me and I will flick you the PDF) The open port connects to my Linux box (FedoraCore 3) that serves the webserver. I had to run through a proxy server to locally view the pages on my other PC.
A link for the above is http://www.dlink.com.au/tech/drivers/files/modems/DSL-302G_Open.ports_DMZ.zip

Edit: by Ivo Keel There is one thing missing, at least for xtra.co.nz users: Port forwarding or open ports does not work with Firefox. That is what I found out after hours of unsuccessful tries, all bounced with "Method not implemented". It has to be Internet Explorer. But that does not need to pose an impediment for Linux users. An easy way to install IE6 for such purposes is provided by http://www.tatanka.com.br/ies4linux/page/Installation

Edit: additional by Chris Emery, UK: NAT stops all incoming connections by default, but most routers, including this one, support a method called Port Forwarding (NAPT) which basically sets an instruction that certain ports are always referred to a certain machine (set a fixed IP address relative to the router for this to work!). Port Forwarding allows a firewall to be selectively opened up, so for example, remote admin ports wouldn't reach your PC but web serving ports (8080?) would.

Edit by Leslie Katz, Australia: Following the instructions contained in the D-Link document referred to by Doug Hawkins (while using Internet Explorer) meant that I could open certain ports that I wanted to open. However, the document was a bit cryptic. Points four and five did not mention that it is necessary to do more than merely click on "Submit" when you've finished creating your NAT rule if you want it to be permanent. In that event, you must, after clicking on "Submit", go to "Admin", then to "Save & Reboot" and then click on "Save". Also, I wanted to open three contiguous ports and found that I could do so in a single rule by putting the number of the lowest port in "Destination Port From", the number of the highest port in "Destination Port To" and a zero in "Local Port".

Some routers are a bit flaky with port-forwarding but recent D-link, linksys' and US Robotics DSL routers are easily good enough.

Another way to do this is to use the modem in bridge mode, but you will probably need some type of PPPoA dialer on your PC. Here is an address for the manual to set up bridge mode on the modem. http://www.dlink.com.au/tech/drivers/files/modems/DSL-302G_Bridge_Mode.zip

CLI Interface

This modem has a fairly good command line interface that gives you access to many more features than are available via the web interface. Unfortunately documentation on this interface is hard to find, and it's not at all intuitive.

To access the CLI interface, telnet to the modem's ip address (telnet 10.1.1.1) and enter the administration userid and password when prompted.

The Solwise SAR110 Modem is based on the chipset and seems to have an identical CLI. Grab the manuals from http://www.solwise.co.uk/downloads/adsl.htm

Edit by Leslie Katz, Australia: At least in my case, the DSL-302g is not based on the same chipset as the SAR110. I was able to get to the CLI by issuing the command "telnet 10.1.1.1" (both in Windows and in Linux). After entering the user name and password I had been prompted for ("admin", in each case), I got a screen that welcomed me to "Titanium". Some web searching established that "GlobespanVirata?", a company afterwards acquired by Conexant, produced at least two chipsets for ADSL modems, "Viking" and "Titanium" (each of which appears still to be offered by Conexant). The Solwise manuals are for the Viking chipset, which offers certain features to which I was not able to gain access, either via the web interface or via telnet. For example, I was not able to access IP Filter Configuration or Firewall Configuration either via the web or via telnet. Further, at ftp://ftp.gentek.com/pub/gvc/adsl/BB0060/Manual/Viking%20and%20Viking%20II%20Chip%20Sets%20CLI%20Reference%20Manual%20DO-30017.pdf one finds a (self-described "preliminary") CLI Reference Manual for the "Titanium Plus TM Chipset Family for ADSL-Ethernet Bridges/Routers". How it compares to the CLI manual for the Viking chipset, I can't say.

Reasonable help is also available within CLI. Enter "?" at the command prompt or after commandline arguments for more detailed help.

For Example:

$?

Command        Description
-------        -----------
alias          To Alias a command
apply          Apply configuration/image file
commit         Commit the active config to the flash
create         Create a new entry of specified type
delete         Delete the specified entry
download       Download a file on to the Device
exit           To exit the CLI shell
get            Display info for the search
help           Provides help
list           List files
memset         Memset
modify         Modify information for specified entry
passwd         To modify user password
ping           The normal ping command
prompt         Change the user prompt
rdf            Read Flash
rdm            Read Memory
reboot         Reboot the device
remove         Remove file
reset          Reset info for the specified entry
size           ATM Sizing Information
traceroute     The normal traceroute command
trigger        To set trigger
unalias        To undefine previously defined alias
verbose        Switch ON/OFF the verbose mode
wrm            Write Memory


$create nat rule entry ?

Parameter                         Description
---------                         -----------
ruleid <decvalue>                  Rule identifier
<rule type>                        Type:basic|filter|napt|bimap|rdr|pass
[ prot <ProtType> ]                Vals:any|tcp|udp|icmp|[num <decvalue>]
[ ifname <name> ]                  Interface name
[ lcladdrfrom <ip addr> ]          Start source address
[ lcladdrto <ip addr> ]            End source address
[ glbaddrfrom <ip addr> ]          Start global address
[ glbaddrto <ip addr> ]            End global address
[ destaddrfrom <ip addr> ]         Start dest address
[ destaddrto <ip addr> ]           End dest address
[ destportfrom <Portval> ]         Portval: as given below
[ destportto <Portval> ]           Portval: as given below
[ lclport <Portval> ]              Portval: as given below
_____________________________________________________________________________
Portval   : {num <decvalue>}|echo|discard|chargen|ftp|telnet|smtp|dns|bootp
          :                 |tftp|http|pop3|snmp

Edit by Leslie Katz, Australia: Before discovering how to create a permanent NAT rule via the web interface, I tried to create a NAT rule via the CLI. That failed. After discovering how to create a permanent NAT rule via the web interface, I read that, as appears immediately above, when creating a NAT rule via the CLI and using a decimal port value, one should precede the decimal value by "num". It was unnecessary for me to test that, since by then, I had succeeded via the web interface.

Half Bridge Mode (DHCP Spoofing)

In this mode the modem terminates the PPP connection from the ISP but acts as a bridge. This means that you get the real world IP address on your computer and there is no NAT between you and the ISP. To enable this enter telnet mode and type the following commands (assuming you have already configured the account details)

 modify ppp intf ifname ppp-0 startondata
 modify nat global disable
 modify zipb cfg enable
 commit
 reboot

To configure half bridge mode via the HTTP interface:

  1. Point your web browser (e.g. Mozilla) to the "Network Address Translation (NAT) Configuration" page (WAN -> NAT)
  2. Select Disable NAT and Click Submit
  3. Navigate to the Save and Reboot page and save the new configuration.

It is recommended to reset the 302g to default settings and re-enter your ISP login information before trying this or it may not work.

This mode does seem a little flaky in that once the PPP connection is up it doesn't seem to like it if you try to gain a second lease (even from the same computer). Renewing an existing lease is fine however. So for example if your computer turns off or reboots you may need to power cycle the DSL modem as well in order to get a lease again. YMMV.

If you are having problems with the default lease expiry time of 1 minute being to short (a common problem with some broadband routers) or causing occasional drop outs on lease renewal, then to increase the lease time enter telnet mode and type the following commands:

modify dhcp server pool poolid 0 dlease 1800
modify dhcp server pool poolid 0 mlease 3600
commit
reboot

This example sets the DHCP lease to 30 minutes, with a Maximum lease of one hour. If your ISP changes your IP address frequently you may want to experiment with shorter values.

Please Also Note: If you purchased the modem in NZ chances are it will have an NZ firmware, modern NZ firmwares will not allow the modem to operate in half-bridge mode, it is possible to use the firmware from the support page for the DSL-302G on the Australian d-link site and just change the VCI/VPI settings to 0/100 and half-bridge mode will work.

Edited by Franc Zabkar (fzabkar@internode.on.net): The following Javascript routine synchronises a DSL-302G modem's date and time with system date and time:

http://www.users.on.net/fzabkar/DSL-302G/Utilities/TimeSync.htm

The routine has been tested on an Optus supplied modem. Certain parameters such as timezone_combo may need to be customised by the user. Self explanatory instructions are included within the body of the code.

All corrections and improvements gratefully received.

How to keep the clock accurate using SNTP

(stolen from http://www.sarguide.co.uk/sntp.php) ... and added timezone setting

You will probably find that if you turn off your router that it looses the time that you had set. Also, you may find that the router just looses time gradually, meaning that alarms etc are not really that accurate. Thanks to Oliver Broad for this.

You can keep the time accurate using SNTP (Simple Network Time Protocol). All you need to know is the address of an SNTP server. In this example i have used ntp2b.mcc.ac.uk

Log into the CLI and put in the following commands, pressing enter after each line:

create sntp servaddr dname ntp2b.mcc.ac.uk
modify system timezone "NZST"
modify sntp cfg enable
get sntp stats

The first line creates an entry telling the router the address of the SNTP server. The second line sets the timezone. The third line enables SNTP on the router, and the fourth will give you the status of SNTP so you can check it has worked.

The router will then check periodically and update it's time so that it is always accurate. It checks every 15 minutes (I think!!)

I have done the above on my 302G with success although after rebooting the time is as per the last SAVE operation until the link comes up and the time is automatically sync'd (however the UPTIME reported on the SYSTEM page is correct)

Changing HTTP and Telnet Ports

If in half-bridge mode (or full-bridge) any attempts on port 80 or 23 on the external IP address if you have external access disabled in the 302g will refuse the connection. This is troublesome if you want port 80 or 23 to be sent to the router like all the rest of the ports for a web server. Changing the ports is done in the CLI via Telnet using the following commands:

modify nbsize httpport 61080
modify nbsize telnetport 61023
commit
reboot

where 61080 is the port number 80 or a value between 61000 and 62000

where 61023 is the port number 23 or a value between 61000 and 62000

This information was originally found at http://martybugs.net/smoothwall/dsl300g_ports.cgi

This modem has caused me much pain, i use one at home without many problems. The fault lies with users who get given one for at home from their isps.. then are unable to make ipsec connections to their workplace.. have not found a solution.. upgrading to a 504G has resolved all these.. but seriously would recommend something better for most users.